AMENDMENT TRANSMITTAL

Docket No.
Application No. | Filing Date
Examiner: A. Widhaim
Invention: METHODS AND SYSTEMS FOR SELECTING METHODOLOGY FOR AUTHENTICATING

TO THE COMMISSIONER FOR PATENTS

CLAIMS AS AMENDED

Rate
Total Claims
Multiple Dependent Claims (check if applicable)
Other fee (please
TOTAL ADDITIONAL FEE FOR THIS AMENDMENT:

Small Entity
No additional
[X] Please charge Deposit Account No.
in the amount of $120.00
to cover
credit card. Form PTO-2038
[X] Credit any overpayment.
37 CFR 1.16 and 1.17

Dated:
Maurice J. Pirio
Attorney/Agent Reg. No. 33,273

PERKINS COIE LLP
P.O. Box 1247
Seattle, Washington 98111-1247
(206) 359-6000


IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re Patent Application of:
Wong et al.

Application No.: 09/652,360
Confirmation No.: <1462
Filed: August 31, 2000
Art Unit: 2152
Examiner: A. Widhaim

For: METHODS AND SYSTEMS FOR SELECTING METHODOLOGY FOR
AUTHENTICATING COMPUTER SYSTEMS ON A PER COMPUTER SYSTEM OR PER
USER BASIS

AMENDMENT IN RESPONSE TO NON-FINAL OFFICE ACTION

MS Amendment
Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

INTRODUCTORY COMMENTS

In response to the Office Action dated April 17, 2007, please amend the above-identified
U.S. patent application as follows:

Amendments to the Claims are reflected in the listing of claims which begins on
page 2 of this paper.

Remarks/Arguments begin on page 8 of this paper.

AMENDMENTS TO THE CLAIMS

1-29. (Canceled) 

30. (Currently Amended) A method in a server computer of authenticating client
computer systems using various authentication mechanisms, each authentication
mechanism specifying a type of information necessary to verify a purported identity of a
client computer system, each client computer system having client-specific knowledge of
the information necessary to verify the purported identity of the client computer system, the
method comprising:

§tpjiria...K3r..each,.ci 

mechanism that can be used to authenticate the client computer system, at
least some client computer systems having multiple authentication
mechanisms that can be used to authenticate the client computer system,

computer system a plurality of instructions, each instruction identifying a
, h r w w up <n r ^ N hoc !\ «, <c UV t,V** n\U^ , 

authentication mechanism that can be used to authenticate
the client computer system, each client computer system being a
separate computer system from the controlling client computer system, the
authentication mechanism being selected from multiple
authentication mechanisms based on authentication abilities

^ * , h i»nU ^ .« \K \ v i *. ^ t s i i a 
system supports and access rights of the client computer system to access 
resources; 

after receiving an instruction for a client computer system and before
in I n» ii v *k n i n N nt.ui n r M< \*. » n . > \i » ^ '\ 
that client computer system to access a service of the server computer
system; and

upon receiving the request from that client computer system to access a service
of the server computer when that client computer system can be
authenticated using multiple authentication mechanisms, selecting an
authentication mechanism and initially authenticating that client computer
system using the selected authentication mechanism
uaseji.on.jhejn^ 

31. (Currently Amended) The method of claim 30 wherein at least one of the
plurality of instructions indicates that multiple authentication mechanisms
can be used to authenticate a client computer system and wherein that client
computer system is authenticated using one of the indicated authentication
mechanisms.

32. (Currently Amended) The method of claim 30 wherein the plurality of
instructions indicates that the same authentication mechanism is to be used
to authenticate multiple client computer systems and wherein the multiple client computer
systems are authenticated using the indicated authentication mechanism.

33. (Currently Amended) The method of claim 30 wherein the plurality of
instructions indicates that multiple authentication mechanisms can be used
to authenticate multiple client computer systems and wherein the multiple client computer
systems are authenticated using one of the indicated authentication
mechanisms.

34. (Currently Amended) The method of claim 30 wherein one of the multiple
authentication mechanisms is an assertion authentication.

35. (Currently Amended) The method of claim 30 wherein one of the multiple

36. (Currently Amended) The method of claim 30 wherein one of the multiple
authentication mechanisms is digest authentication.

37. , i t, I., C* ^*>.V V ^ e ^ ( <■ >> JJ N 

38. (Currently Amended) A method in a controlling client computer system for
providing indicates of authentication mechanisms to a server computer

^ s ^ » a' cv_^dki i , n v^it, * t v v v_ 2< v' ^ r * ^ " 
verify a_iMi5Q!Mdjciej.^ 

client-specific knowledge of the information necessary to verify the purported identity of the
client computer system, the method comprising:

generating a plurality of instructions, each instruction identifying a client
computer system and identifying at least one authentication
mechanism that can be used to authenticate the client
computer system, each client computer system being a separate
computer system from the controlling client computer system, the
authentication mechanism being selected from multiple
authentication mechanisms based on authentication abilities
indicating authentication mechanisms that the client computer
system supports and access rights of the client computer system to access
resources; and

sending the generated instructions to the server computer system so that upon
receiving a request from a client computer system to access a service of
the server computer system, the request
.vi^MlLcoj^ after the instruction is received at the server
computer system and before authenticating that client computer system,
when that client computer system can be authenticated using multiple
authentication mechanisms, the server computer system selects an
aytheifet^ authenticate that client computer
system using the selected authentication mechanism
based.j>fitM^
client computer system.

39. (Currently Amended) The method of claim 38 wherein at least one of the
plurality of instructions indicates that multiple authentication mechanisms
can be used to authenticate a client computer system and wherein that client
computer system is authenticated by the server computer system using one of the
indicated authentication mechanisms.

40. (Currently Amended) The method of claim 38 wherein the plurality of
instructions indicates that the same authentication mechanism is to be used
to authenticate multiple client computer systems and wherein the multiple client computer
systems are authenticated by the server computer system using the indicated
authentication mechanism.

41. (Currently Amended) The method of claim 38 wherein the plurality of
instructions indicates that multiple authentication mechanisms can be used
to authenticate multiple client computer systems and wherein the multiple client computer
systems are authenticated by the server computer system using one of the indicated
authentication mechanisms.

42. (Currently Amended) The method of claim 38 wherein one of the multiple
authentication mechanisms is an assertion authentication.

43. (Currently Amended) The method of claim 38 wherein one of the multiple
1 t v \ <. c " ^et^e*u,ach, iim " ,< r-" ^ v^r - 1 P ^tl x at 

v. ^ u o \.v >snk,rvd , »[■> ix T ^ of „ ^3 s\ ^ o> e,,o_-> * ^ ^o, k 
authentication mechanisms is digest authentication.

45. (Currently Amended) The method of claim 38 wherein one of the multiple
authentication mechanisms is an NTLM authentication.

46. (Currently Amended) A tangible computer-readable medium containing
instructions for controlling a server computer system to authenticate entities using various
authentication mechanisms, each authentication mechanism specifying a type of

m % n ev> - ;k\v»a\ to soc ^ a jj^Uv >\ >j:'kv ^ j aj **nt iv ^'Tt o ^trh >\> ^ N ? i\ 
v ^JL^ x n_ uf^o v ?rk " o o^ n \ <e \ n ^ii;u\ ^ i<\ N i\ s, a 
entity, by a method comprising: 

* <n } h .v -v i ! us ii N ! ci tK ^ i. k i ». > ) 

can be used to authenticate the entity, at least some entities having multiple

ill tK-> N i r v'l ii> >i i. fi> ^ i i v h 

indications being stored based on receiving from a controlling entity a
plurality of instructions, each instruction identifying an entity and identifying at
least one authentication mechanism that
can be used to authenticate the entity, the authentication
\^»^tr v N ro oeofv Ut" mru ruJuo m CYkS^r^ 

mechanisms based on authentication abilities of the entity that indicate which 
if f » N i i * \ » "> i i ^ ! * i i c > n N the 
controlling entity being a separate entity from each entity;
after receiving an instruction from the controlling entity for an entity and before
authenticating that entity, receiving a request from
that entity to access a service of the server computer system, the request
ILlc u^cl*ri^_£L^y.U^ J^e^otit^^f „ib.^.!„_^LDti ty . end 
upon receiving the request from that entity to access a service of the server
n\ i ^vl * ^ u \ <v fcv„>ntvnUa N d sm_1 <t»ji u * 

^!;bg[}i^i;S!l.JB±^MQk!))S 3&±M£]il£.J^ and 

initially authenticating that entity using the selected

authentication memee^iegymeclianjM^^ 
to verify the purported identity of that ent ity. 

47. (Currently Amended) The computer-readable medium of claim 46 wherein at
least one of the plurality of instructions indicates that multiple authentication
mechanisms can be used to authenticate an entity and wherein that
entity is authenticated using one of the indicated authentication
mechanisms.

48. (Currently Amended) The computer-readable medium of claim 46 wherein
the plurality of instructions indicates that the same authentication mechanism
is to be used to authenticate multiple entities and wherein the multiple entities are
authenticated using the indicated authentication mechanism.

49. (Currently Amended) The computer-readable medium of claim 48 wherein
the plurality of instructions indicates that multiple authentication
mechanisms can be used to authenticate multiple entities and wherein the multiple entities
are authenticated using one of the indicated authentication mechanisms.

50. (Currently Amended) The computer-readable medium of claim 49 wherein
the authentication mechanism is selected from a group consisting of an
assertion authentication, a basic HTTP authentication, a digest authentication, and an
NTLM authentication.

REMARKS

Claims 30-50 are pending in this application. Claims 30-50 are amended. 

Applicant would like to thank the Examiner for the courtesy extended during the
telephonic interview on June 20, 2007. During the interview, the Examiner and applicant's
representative discussed proposed claim amendments to overcome the cited art.

^ mi \ n 1 «. i " t ^ 1 uill cmt ncknn 5 i . 
clarify the subject matter of the invention. 

The Examiner has rejected claims 30-33, 35, 38-41, 43, and 46-49 under 35 U.S.C.
§ 103(a) over Shambroom and Wood; and has rejected claims 34, 36-37, 42, 44-45, and
50 under 35 U.S.C. § 103(a) over Shambroom, Wood, and Applicant Admitted Prior Art.
Applicant respectfully traverses these rejections.

Applicant has amended the pending claims to clarify (1) that applicant's
authentication mechanism specifies "a type of information necessary to verify a purported
identity of a client computer system" or "entity," and (2) that at least some client computer
systems or entities have "multiple authentication mechanisms that can be used to
authenticate the client computer system" or "entity." As amended, claims 30-45 recite

^jk nut 1 out >mi of* im ti \u v , j . v •>? > *)u. ax ** o<> / **>\e;^ a 
purported identity of a client computer system." As amended, claims 30-37 also recite "at
least some client computer systems having multiple authentication mechanisms that can
be used to authenticate the client computer system." As amended, claims 38-45 also

v N R* ^-\ntrk».knr oupiV ^ n.r«o \,M >*■* v^^ !t -m ,t o **• v ! v ^> 
mechanisms " As t 1 N < > s M i uit ^ ^ i it t o i \ ** 
specifying a type of information necessary to verify a purported identity of an entity" and "at 
least some entities having multiple authentication mechanisms that can be used to 
authenticate the entity." 

Neither Shambroom nor Wood discloses or suggests an authentication mechanism
that specifies "a type of information necessary to verify a purported identity of a client
computer system" or "entity." Shambroom describes a key distribution center that sends
authentication information to a network server for authenticating a client. (See 8:27-44;
Figure 3.) Shambroom simply describes sending authentication information, which is

^ \ ol ^O^-i ^ . , 1 Muti^ ukVC ft'Np i v JLUi^r N N ^ m > »^ ' 

J'tck** ^aphccnrs ievhonu^s h^kve unv nv it nfemutson itself is seif ho- a 
client computer system or entity to the server, a separate controlling client computer
system or entity identifies at least one authentication mechanism for the client computer
system or entity; the authentication mechanism specifies a type of information that the
- N * ^ mec. ^ccm o f o Mi\ ^ ' K t ro k v ^ t> 4 c „< N k \ ^rm UuH, ^ 
Thss I*- ! i s n im ^ » j "> N iu ! i i ^ S 1 v ^ 
describes sending authentication information itself, applicant can find nothing in 
Shambroom that discloses or suggests an authentication mechanism that specifies "a type 
of information necessary to verify a purported identity of a client computer system" or 
"entity." 

Nor can applicant find anything in Wood that discloses or suggests an
authentication mechanism that specifies "a type of information necessary to verify a
purported identity of a client computer system" or "entity." Indeed, the Examiner has only
relied on Wood as teaching an "authentication methodology being selected from multiple

f i t " s kfhV s K\ii - v s > , N h "'t Hit n v Mi ,s \ Hi N 

methodologies that the client computer supports and access rights of the client computer
system to access resources." (Office Action, Apr. 17, 2007, p. 4.)

in s } s !,)k^ \v i v vh v n NiOK t * ^ u < ^ ^m so v ! nt 
computer systems or entities have "multiple authentication mechanisms that can be used 
to authenticate the client computer system" or "entity." While Shambroom describes that 
another secure authentication protocol may be used, it recommends using an

!lM h u-l > \ l nC U IXv p> Ik *\ i v ! > ! "k ^ O T " 

can find nothing in Shambroom that discloses or suggests that more than one
authentication protocol can be used to authenticate a particular client; the method
described by Shambroom apparently selects one authentication protocol at the outset and
uses that protocol to authenticate all clients. Applicant can find nothing in Shambroom that
discloses or suggests that at least some client computer systems or entities have "multiple
authentication mechanisms that can be used to authenticate the client computer system"
or "entity."

'\ *:\wu-i u\.\Mli ! \\ x ik>^ \ - i O v i^C, 

^ t. t <• n ! i ! H< i N s. i i! v. t Ul 1 s i t i \ v 10 

authenticate the client computer system" or "entity." Nevertheless, Wood does not
disclose or suggest a controlling client computer system that identifies such authentication
mechanisms. Wood describes a server that provides an entity (i.e., client) with a list of
o > s, no ant i ithHer^U in s ^ n « in^y 1 1 n v ^ s »m 

the server with one or more credentials as necessary for authentication under the selected
schema. (See 11:34-41.)

In view of the above amendment and remarks, applicant believes the pending 
,. \ ^ei ^ n > Irn a < «. u rnu nr N \ v,.' ^ , om^ 1 mi x> iX 
Examiner has any questions or believes a telephone conference would further expedite
prosecution of this application, the Examiner is encouraged to call the undersigned at
(206) 359-8548.

If additional fees are due, please charge our Deposit Account No. 50-0665, under
Order No. 418268758US from which the undersigned is authorized to draw.



Dated: August 17, 2007

Respectfully submitted,

By:
Maurice J. Pirio
Registration No.: 33,273
PERKINS COIE LLP
P.O. Box 1247
Seattle, Washington 98111-1247
(206) 359-8548
(206) 359-9548 (Fax)
Attorney for Applicant



